backend-developer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Data Exposure] (HIGH): The debugging guide explicitly directs the agent to access sensitive configuration files at /opt/nest-api/.env.[dev|production]. These files frequently contain database passwords, API keys, and other secrets, leading to credential exposure.
  • [Indirect Prompt Injection] (HIGH): This skill is highly susceptible to indirect prompt injection. Ingestion points: Reads project source code, logs, and configurations via Read, Grep, and Glob tools. Boundary markers: None present in the skill definition to differentiate between system instructions and external data. Capability inventory: Broad Bash access (npm/node), Write, and Edit tools. Sanitization: None; the agent is expected to interpret and modify code directly. Maliciously crafted comments or code in the project could hijack the agent's logic to execute unauthorized commands or exfiltrate data.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill is granted broad permissions for Bash(npm:*) and Bash(node:*). This allows the agent to install arbitrary packages and execute scripts from package managers, which can be leveraged for remote code execution if the agent is influenced by untrusted input.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:51 AM